7716682cc5
Ilya reported following lockdep splat:
kernel: =========================
kernel: [ BUG: held lock freed! ]
kernel: 4.5.0-rc1-ceph-00026-g5e0a311 #1 Not tainted
kernel: -------------------------
kernel: swapper/5/0 is freeing memory
ffff880035c9d200-ffff880035c9dbff, with a lock still held there!
kernel: (&(&queue->rskq_lock)->rlock){+.-...}, at:
[<ffffffff816f6a88>] inet_csk_reqsk_queue_add+0x28/0xa0
kernel: 4 locks held by swapper/5/0:
kernel: #0: (rcu_read_lock){......}, at: [<ffffffff8169ef6b>]
netif_receive_skb_internal+0x4b/0x1f0
kernel: #1: (rcu_read_lock){......}, at: [<ffffffff816e977f>]
ip_local_deliver_finish+0x3f/0x380
kernel: #2: (slock-AF_INET){+.-...}, at: [<ffffffff81685ffb>]
sk_clone_lock+0x19b/0x440
kernel: #3: (&(&queue->rskq_lock)->rlock){+.-...}, at:
[<ffffffff816f6a88>] inet_csk_reqsk_queue_add+0x28/0xa0
To properly fix this issue, inet_csk_reqsk_queue_add() needs
to return to its callers if the child as been queued
into accept queue.
We also need to make sure listener is still there before
calling sk->sk_data_ready(), by holding a reference on it,
since the reference carried by the child can disappear as
soon as the child is put on accept queue.
Reported-by: Ilya Dryomov <idryomov@gmail.com>
Fixes: ebb516af60
("tcp/dccp: fix race at listener dismantle phase")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
329 lines
10 KiB
C
329 lines
10 KiB
C
/*
|
|
* NET Generic infrastructure for INET connection oriented protocols.
|
|
*
|
|
* Definitions for inet_connection_sock
|
|
*
|
|
* Authors: Many people, see the TCP sources
|
|
*
|
|
* From code originally in TCP
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
#ifndef _INET_CONNECTION_SOCK_H
|
|
#define _INET_CONNECTION_SOCK_H
|
|
|
|
#include <linux/compiler.h>
|
|
#include <linux/string.h>
|
|
#include <linux/timer.h>
|
|
#include <linux/poll.h>
|
|
|
|
#include <net/inet_sock.h>
|
|
#include <net/request_sock.h>
|
|
|
|
#define INET_CSK_DEBUG 1
|
|
|
|
/* Cancel timers, when they are not required. */
|
|
#undef INET_CSK_CLEAR_TIMERS
|
|
|
|
struct inet_bind_bucket;
|
|
struct tcp_congestion_ops;
|
|
|
|
/*
|
|
* Pointers to address related TCP functions
|
|
* (i.e. things that depend on the address family)
|
|
*/
|
|
struct inet_connection_sock_af_ops {
|
|
int (*queue_xmit)(struct sock *sk, struct sk_buff *skb, struct flowi *fl);
|
|
void (*send_check)(struct sock *sk, struct sk_buff *skb);
|
|
int (*rebuild_header)(struct sock *sk);
|
|
void (*sk_rx_dst_set)(struct sock *sk, const struct sk_buff *skb);
|
|
int (*conn_request)(struct sock *sk, struct sk_buff *skb);
|
|
struct sock *(*syn_recv_sock)(const struct sock *sk, struct sk_buff *skb,
|
|
struct request_sock *req,
|
|
struct dst_entry *dst,
|
|
struct request_sock *req_unhash,
|
|
bool *own_req);
|
|
u16 net_header_len;
|
|
u16 net_frag_header_len;
|
|
u16 sockaddr_len;
|
|
int (*setsockopt)(struct sock *sk, int level, int optname,
|
|
char __user *optval, unsigned int optlen);
|
|
int (*getsockopt)(struct sock *sk, int level, int optname,
|
|
char __user *optval, int __user *optlen);
|
|
#ifdef CONFIG_COMPAT
|
|
int (*compat_setsockopt)(struct sock *sk,
|
|
int level, int optname,
|
|
char __user *optval, unsigned int optlen);
|
|
int (*compat_getsockopt)(struct sock *sk,
|
|
int level, int optname,
|
|
char __user *optval, int __user *optlen);
|
|
#endif
|
|
void (*addr2sockaddr)(struct sock *sk, struct sockaddr *);
|
|
int (*bind_conflict)(const struct sock *sk,
|
|
const struct inet_bind_bucket *tb, bool relax);
|
|
void (*mtu_reduced)(struct sock *sk);
|
|
};
|
|
|
|
/** inet_connection_sock - INET connection oriented sock
|
|
*
|
|
* @icsk_accept_queue: FIFO of established children
|
|
* @icsk_bind_hash: Bind node
|
|
* @icsk_timeout: Timeout
|
|
* @icsk_retransmit_timer: Resend (no ack)
|
|
* @icsk_rto: Retransmit timeout
|
|
* @icsk_pmtu_cookie Last pmtu seen by socket
|
|
* @icsk_ca_ops Pluggable congestion control hook
|
|
* @icsk_af_ops Operations which are AF_INET{4,6} specific
|
|
* @icsk_ca_state: Congestion control state
|
|
* @icsk_retransmits: Number of unrecovered [RTO] timeouts
|
|
* @icsk_pending: Scheduled timer event
|
|
* @icsk_backoff: Backoff
|
|
* @icsk_syn_retries: Number of allowed SYN (or equivalent) retries
|
|
* @icsk_probes_out: unanswered 0 window probes
|
|
* @icsk_ext_hdr_len: Network protocol overhead (IP/IPv6 options)
|
|
* @icsk_ack: Delayed ACK control data
|
|
* @icsk_mtup; MTU probing control data
|
|
*/
|
|
struct inet_connection_sock {
|
|
/* inet_sock has to be the first member! */
|
|
struct inet_sock icsk_inet;
|
|
struct request_sock_queue icsk_accept_queue;
|
|
struct inet_bind_bucket *icsk_bind_hash;
|
|
unsigned long icsk_timeout;
|
|
struct timer_list icsk_retransmit_timer;
|
|
struct timer_list icsk_delack_timer;
|
|
__u32 icsk_rto;
|
|
__u32 icsk_pmtu_cookie;
|
|
const struct tcp_congestion_ops *icsk_ca_ops;
|
|
const struct inet_connection_sock_af_ops *icsk_af_ops;
|
|
unsigned int (*icsk_sync_mss)(struct sock *sk, u32 pmtu);
|
|
__u8 icsk_ca_state:6,
|
|
icsk_ca_setsockopt:1,
|
|
icsk_ca_dst_locked:1;
|
|
__u8 icsk_retransmits;
|
|
__u8 icsk_pending;
|
|
__u8 icsk_backoff;
|
|
__u8 icsk_syn_retries;
|
|
__u8 icsk_probes_out;
|
|
__u16 icsk_ext_hdr_len;
|
|
struct {
|
|
__u8 pending; /* ACK is pending */
|
|
__u8 quick; /* Scheduled number of quick acks */
|
|
__u8 pingpong; /* The session is interactive */
|
|
__u8 blocked; /* Delayed ACK was blocked by socket lock */
|
|
__u32 ato; /* Predicted tick of soft clock */
|
|
unsigned long timeout; /* Currently scheduled timeout */
|
|
__u32 lrcvtime; /* timestamp of last received data packet */
|
|
__u16 last_seg_size; /* Size of last incoming segment */
|
|
__u16 rcv_mss; /* MSS used for delayed ACK decisions */
|
|
} icsk_ack;
|
|
struct {
|
|
int enabled;
|
|
|
|
/* Range of MTUs to search */
|
|
int search_high;
|
|
int search_low;
|
|
|
|
/* Information on the current probe. */
|
|
int probe_size;
|
|
|
|
u32 probe_timestamp;
|
|
} icsk_mtup;
|
|
u32 icsk_user_timeout;
|
|
|
|
u64 icsk_ca_priv[64 / sizeof(u64)];
|
|
#define ICSK_CA_PRIV_SIZE (8 * sizeof(u64))
|
|
};
|
|
|
|
#define ICSK_TIME_RETRANS 1 /* Retransmit timer */
|
|
#define ICSK_TIME_DACK 2 /* Delayed ack timer */
|
|
#define ICSK_TIME_PROBE0 3 /* Zero window probe timer */
|
|
#define ICSK_TIME_EARLY_RETRANS 4 /* Early retransmit timer */
|
|
#define ICSK_TIME_LOSS_PROBE 5 /* Tail loss probe timer */
|
|
|
|
static inline struct inet_connection_sock *inet_csk(const struct sock *sk)
|
|
{
|
|
return (struct inet_connection_sock *)sk;
|
|
}
|
|
|
|
static inline void *inet_csk_ca(const struct sock *sk)
|
|
{
|
|
return (void *)inet_csk(sk)->icsk_ca_priv;
|
|
}
|
|
|
|
struct sock *inet_csk_clone_lock(const struct sock *sk,
|
|
const struct request_sock *req,
|
|
const gfp_t priority);
|
|
|
|
enum inet_csk_ack_state_t {
|
|
ICSK_ACK_SCHED = 1,
|
|
ICSK_ACK_TIMER = 2,
|
|
ICSK_ACK_PUSHED = 4,
|
|
ICSK_ACK_PUSHED2 = 8
|
|
};
|
|
|
|
void inet_csk_init_xmit_timers(struct sock *sk,
|
|
void (*retransmit_handler)(unsigned long),
|
|
void (*delack_handler)(unsigned long),
|
|
void (*keepalive_handler)(unsigned long));
|
|
void inet_csk_clear_xmit_timers(struct sock *sk);
|
|
|
|
static inline void inet_csk_schedule_ack(struct sock *sk)
|
|
{
|
|
inet_csk(sk)->icsk_ack.pending |= ICSK_ACK_SCHED;
|
|
}
|
|
|
|
static inline int inet_csk_ack_scheduled(const struct sock *sk)
|
|
{
|
|
return inet_csk(sk)->icsk_ack.pending & ICSK_ACK_SCHED;
|
|
}
|
|
|
|
static inline void inet_csk_delack_init(struct sock *sk)
|
|
{
|
|
memset(&inet_csk(sk)->icsk_ack, 0, sizeof(inet_csk(sk)->icsk_ack));
|
|
}
|
|
|
|
void inet_csk_delete_keepalive_timer(struct sock *sk);
|
|
void inet_csk_reset_keepalive_timer(struct sock *sk, unsigned long timeout);
|
|
|
|
#ifdef INET_CSK_DEBUG
|
|
extern const char inet_csk_timer_bug_msg[];
|
|
#endif
|
|
|
|
static inline void inet_csk_clear_xmit_timer(struct sock *sk, const int what)
|
|
{
|
|
struct inet_connection_sock *icsk = inet_csk(sk);
|
|
|
|
if (what == ICSK_TIME_RETRANS || what == ICSK_TIME_PROBE0) {
|
|
icsk->icsk_pending = 0;
|
|
#ifdef INET_CSK_CLEAR_TIMERS
|
|
sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
|
|
#endif
|
|
} else if (what == ICSK_TIME_DACK) {
|
|
icsk->icsk_ack.blocked = icsk->icsk_ack.pending = 0;
|
|
#ifdef INET_CSK_CLEAR_TIMERS
|
|
sk_stop_timer(sk, &icsk->icsk_delack_timer);
|
|
#endif
|
|
}
|
|
#ifdef INET_CSK_DEBUG
|
|
else {
|
|
pr_debug("%s", inet_csk_timer_bug_msg);
|
|
}
|
|
#endif
|
|
}
|
|
|
|
/*
|
|
* Reset the retransmission timer
|
|
*/
|
|
static inline void inet_csk_reset_xmit_timer(struct sock *sk, const int what,
|
|
unsigned long when,
|
|
const unsigned long max_when)
|
|
{
|
|
struct inet_connection_sock *icsk = inet_csk(sk);
|
|
|
|
if (when > max_when) {
|
|
#ifdef INET_CSK_DEBUG
|
|
pr_debug("reset_xmit_timer: sk=%p %d when=0x%lx, caller=%p\n",
|
|
sk, what, when, current_text_addr());
|
|
#endif
|
|
when = max_when;
|
|
}
|
|
|
|
if (what == ICSK_TIME_RETRANS || what == ICSK_TIME_PROBE0 ||
|
|
what == ICSK_TIME_EARLY_RETRANS || what == ICSK_TIME_LOSS_PROBE) {
|
|
icsk->icsk_pending = what;
|
|
icsk->icsk_timeout = jiffies + when;
|
|
sk_reset_timer(sk, &icsk->icsk_retransmit_timer, icsk->icsk_timeout);
|
|
} else if (what == ICSK_TIME_DACK) {
|
|
icsk->icsk_ack.pending |= ICSK_ACK_TIMER;
|
|
icsk->icsk_ack.timeout = jiffies + when;
|
|
sk_reset_timer(sk, &icsk->icsk_delack_timer, icsk->icsk_ack.timeout);
|
|
}
|
|
#ifdef INET_CSK_DEBUG
|
|
else {
|
|
pr_debug("%s", inet_csk_timer_bug_msg);
|
|
}
|
|
#endif
|
|
}
|
|
|
|
static inline unsigned long
|
|
inet_csk_rto_backoff(const struct inet_connection_sock *icsk,
|
|
unsigned long max_when)
|
|
{
|
|
u64 when = (u64)icsk->icsk_rto << icsk->icsk_backoff;
|
|
|
|
return (unsigned long)min_t(u64, when, max_when);
|
|
}
|
|
|
|
struct sock *inet_csk_accept(struct sock *sk, int flags, int *err);
|
|
|
|
int inet_csk_bind_conflict(const struct sock *sk,
|
|
const struct inet_bind_bucket *tb, bool relax);
|
|
int inet_csk_get_port(struct sock *sk, unsigned short snum);
|
|
|
|
struct dst_entry *inet_csk_route_req(const struct sock *sk, struct flowi4 *fl4,
|
|
const struct request_sock *req);
|
|
struct dst_entry *inet_csk_route_child_sock(const struct sock *sk,
|
|
struct sock *newsk,
|
|
const struct request_sock *req);
|
|
|
|
struct sock *inet_csk_reqsk_queue_add(struct sock *sk,
|
|
struct request_sock *req,
|
|
struct sock *child);
|
|
void inet_csk_reqsk_queue_hash_add(struct sock *sk, struct request_sock *req,
|
|
unsigned long timeout);
|
|
struct sock *inet_csk_complete_hashdance(struct sock *sk, struct sock *child,
|
|
struct request_sock *req,
|
|
bool own_req);
|
|
|
|
static inline void inet_csk_reqsk_queue_added(struct sock *sk)
|
|
{
|
|
reqsk_queue_added(&inet_csk(sk)->icsk_accept_queue);
|
|
}
|
|
|
|
static inline int inet_csk_reqsk_queue_len(const struct sock *sk)
|
|
{
|
|
return reqsk_queue_len(&inet_csk(sk)->icsk_accept_queue);
|
|
}
|
|
|
|
static inline int inet_csk_reqsk_queue_young(const struct sock *sk)
|
|
{
|
|
return reqsk_queue_len_young(&inet_csk(sk)->icsk_accept_queue);
|
|
}
|
|
|
|
static inline int inet_csk_reqsk_queue_is_full(const struct sock *sk)
|
|
{
|
|
return inet_csk_reqsk_queue_len(sk) >= sk->sk_max_ack_backlog;
|
|
}
|
|
|
|
void inet_csk_reqsk_queue_drop(struct sock *sk, struct request_sock *req);
|
|
void inet_csk_reqsk_queue_drop_and_put(struct sock *sk, struct request_sock *req);
|
|
|
|
void inet_csk_destroy_sock(struct sock *sk);
|
|
void inet_csk_prepare_forced_close(struct sock *sk);
|
|
|
|
/*
|
|
* LISTEN is a special case for poll..
|
|
*/
|
|
static inline unsigned int inet_csk_listen_poll(const struct sock *sk)
|
|
{
|
|
return !reqsk_queue_empty(&inet_csk(sk)->icsk_accept_queue) ?
|
|
(POLLIN | POLLRDNORM) : 0;
|
|
}
|
|
|
|
int inet_csk_listen_start(struct sock *sk, int backlog);
|
|
void inet_csk_listen_stop(struct sock *sk);
|
|
|
|
void inet_csk_addr2sockaddr(struct sock *sk, struct sockaddr *uaddr);
|
|
|
|
int inet_csk_compat_getsockopt(struct sock *sk, int level, int optname,
|
|
char __user *optval, int __user *optlen);
|
|
int inet_csk_compat_setsockopt(struct sock *sk, int level, int optname,
|
|
char __user *optval, unsigned int optlen);
|
|
|
|
struct dst_entry *inet_csk_update_pmtu(struct sock *sk, u32 mtu);
|
|
#endif /* _INET_CONNECTION_SOCK_H */
|